Phishing with no bait

I’m sure you have received by now many plausible looking emails from assorted banks, many of which you do not have an account with, saying something like: “we need to update some information due to a possible security breach: please click here and give us your details so we can suck all the money out of your account you dimwit”.  Sometimes the phrasing is a little different, especially at the end, but you get the general idea.  I must admit the first time I saw one of these I thought for several seconds before hitting the delete key, but now they are ten a penny and we all ignore them in the same way we ignore unsolicited emails saying “I love you; please click on this attachment to find out more, sucker”.

With this in mind I have been wondering when the next enterprising criminal would raise the bar on phishing emails of this type and manage to construct something original and plausible, tempting yet authoritative.  E-criminals and the authorities are a little like cheetahs and gazelles, locked in a never-ending battle of wits, so what is the next turn of speed that phishing can offer?

I am pleased to declare that it was not the email I just received, purportedly from “Citibank”.  The first clue was the title was “Citibank Account Informations” (sic).  Banks have their flaws, but they usually manage to master basic spelling in the title of their communications – “informations”?  The next clue that this could possibly be less than legitimate was that instead of taking the minimal trouble of copying something like a Citibank logo from their web page, which let’s face it takes about five seconds, these jokers managed no logo and an email entirely with a yellow background, rather than the Citibank corporate blue and white.

The text itself declares that “Citibank account is about to expire”.  Not quite English either, but also guys: expire?  Bank accounts may do many things, have terms and conditions changed, interest rates updated etc, but one thing that they never, ever do is expire.  I can just see the bank advertising campaign for one of these now: “open an account with us, give us your money, but don’t wait too long before accessing it as it will expire; sorry”.  Even if they said it really quickly as they do at the end of radio adverts I think this would be hard to pull off.  

The email concludes with two lines of text which contain a further two grammatical errors and a couple of capital letters used incorrectly.

Whatever happened to criminal ingenuity?  It makes me positively misty eyed about Nigerian 419 scam letters, where at least you don’t expect the English to be perfect.  Maybe they have started to outsource these scam emails but are having teething troubles with quality control?